#! /bin/sh
# implements key censoring for barf
# Copyright (C) 1999, 2002  Henry Spencer.
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
# 
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.

usage="Usage: $0 [file ...]"
me="ipsec _keycensor"

for dummy
do
	case "$1" in
	--help)		echo "$usage" ; exit 0	;;
	--version)	echo "$me $IPSEC_VERSION" ; exit 0		;;
	--)		shift ; break		;;
	-*)		echo "$0: unknown option \`$1'" >&2 ; exit 2	;;
	*)		break			;;
	esac
	shift
done

awk '	/(sig|enc|auth)key[ \t]*=[ \t]*[^%]/ {
		i = match($0, /key[ \t]*=[ \t]*/)
		i += RLENGTH
		cold = substr($0, 1, i-1)
		hot = substr($0, i)
		sub(/[ \t]+(#.*)?$/, "", hot)
		q = "'"'"'"	# single quote
		if (hot ~ q)
			cooled = "[cannot be condensed]"
		else if (hot ~ /^0s/)
			cooled = "[keyid " substr(hot, 3, 9) "]"
		else {
			run = "echo " q hot q " | md5sum"
			run | getline
			close(run)
			cooled = "[sums to " substr($1, 1, 4) "...]"
		}
		print cold cooled
		next
	}
	{ print }' $*
